Voice print identification portal

ABSTRACT

Systems and methods providing for secure voice print authentication over a network are disclosed herein. During an enrollment stage, a client&#39;s voice is recorded and characteristics of the recording are used to create and store a voice print. When an enrolled client seeks access to secure information over a network, a sample voice recording is created. The sample voice recording is compared to at least one voice print. If a match is found, the client is authenticated and granted access to secure information. 
     Systems and methods providing for a dual use voice analysis system are disclosed herein. Speech recognition is achieved by comparing characteristics of words spoken by a speaker to one or more templates of human language words. Speaker identification is achieved by comparing characteristics of a speaker&#39;s speech to one or more templates, or voice prints. The system is adapted to increase or decrease matching constraints depending on whether speaker identification or speaker recognition is desired.

FIELD OF THE INVENTION

The present invention relates generally to system access control basedon user identification by biometric acquisition and speech signalprocessing for word recognition. More particularly, the presentinvention relates to combining voice based biometric identification forsecuring various computer related devices and speech recognition fordevice control and automated entry of information.

BACKGROUND

The field of processing voice signals for use within a computerizeddevice has traditionally been split into two distinct fields, speakeridentification, and speech recognition. These two fields havehistorically required separate and uniquely designed and configuredsystems. These systems are often provided by different vendors

Speech recognition involves recognizing a human language word spoken bya speaker. In one example, speech recognition is utilized forcomputerized dictation, where a user speaks into a microphone and herwords are recognized and entered into a document. Another example ofspeech recognition is controlling personal electronics, such as acellular telephone or car stereo, through the use of verbal commands.Other applications for speech recognition include: command recognition,dictation, interactive voice response systems, automotive speechrecognition, medical transcription, pronunciation teaching, automatictranslation, and hands-free computing. Speech recognition is typicallyachieved through comparison characteristic qualities of spoken words,phrases, or sentences to one or more templates. A variety of algorithmsare known in the art that allow qualification and/or comparison ofspeech to templates. These algorithms include: hidden Markov models,neural network-based systems, dynamic time warping based systems,frequency estimation, pattern matching algorithms, matrixrepresentation, decision trees, and knowledge based systems. Somesystems will employ a combination of these techniques to achieve higheraccuracy rates.

Speaker identification involves the process of identifying or verifyingthe identity of a specific person based on unique qualities of humanspeech. Human speech is often referred to as a biometric identificationmechanism similar to finger prints or retinal scans. Like fingerprintsand retinal scans, every individual has a unique voice print that can beanalyzed and matched against known voice prints. Like other biometricidentification mechanisms, voice prints can be utilized for verificationor identification.

Verification using a voice print is commonly referred to as voiceauthentication. Voice authentication is achieved in a similar manner tospeech recognition: characteristic qualities of spoken words or phrasesare compared to one or more templates. However, voice authentication ismuch more difficult to successfully achieve than speech recognition.First, speech recognition requires a less stringent match between thespoken word and a speech template. All that must be determined is whatword was said, not who said that word based on a specific accent, pitch,and tone. Second, speaker identification requires matching the speakerto a much larger number of possibilities, because one person must beidentified out of many, not just what word they spoke. Whereas it may beacceptable to take up to several seconds to perform voiceauthentication, speech recognition must be done at a relatively fastpace in order for an interface to be reasonably useable.

Traditionally, the use of speech for identification purposes versusspeech for recognition purposes has been very segmented. While speechauthentication requires complex and demanding comparisons, speechrecognition requires real-time performance in order to meet user needs.Due to these differing requirements, existing systems (includingcomputer hardware, software, or both) have been limited to performingone of these two functions.

The use of speech to authenticate a user has a variety of advantagesover other identification methods. First, like fingerprints or irisscans, every human being has an entirely unique speech pattern that canbe quantifiably recognized using existing technology. Second, unlikefingerprints or iris scans, the input to a speaker identification system(the spoken word) may be different every time, even where the speaker issaying the same word. Therefore, unlike other methods of humanauthentication, speech authentication provides the additional advantageof an ability to prevent multiple uses of the same voice print.

The rise of the computer age has drastically changed the manner in whichpeople interact with each other in both business and personal settings.Along with the rise of the use of technology to conduct everyday life,security concerns with the use of computers have risen dramatically dueto identity theft. Identity theft typically occurs where personalinformation such as bank accounts, social security numbers, passwords,identification numbers . . . etc., or corporate information isaccessible when transferred over networks such as the internet, or whenpersonal information or corporate information is entered into a userinterface. For typical internet transactions such as consumer purchases,bank account transfers . . . etc, the transaction involves both abusiness side (back-end) and a customer side (front-end). The customertypically uses a computer, or handheld device such as a Smartphone orPersonal Digital Assistant (PDA) to communicate during the transaction.Typically, communications during internet transactions are made verysecure by using high security protocols such as Transport Layer Security(TSL) or Secure Socket Layer (SSL). However, when a customer enters ininformation (before it is transferred) at the front-end side of thetransaction, the information is highly vulnerable to theft. In fact, inmost cases of identity theft, personal information is stolen from thefront-end side of the transaction. Therefore, a need exists to providean efficient, more secure means of protecting the identity of one whowishes to interact in a secure environment over networks such as theinternet. More specifically, a need exists to provide a securetransaction environment in which personal or corporate information isnot communicated to the customer front-end in an accessible orrepeatable format.

SUMMARY OF THE INVENTION

The invention described herein seeks to remedy the issues discussedabove by providing a system and method of voice authentication. In oneembodiment, a method of securely authenticating a client seeking accessto secure information or services available through a network isdisclosed herein. In an embodiment, the method includes an enrollmentprocess. The enrollment process may include receiving, at a server, anenrollment request, and a voice recording. The process further includesprocessing, at the server, the voice recording to determine identifyingcharacteristics of the client's voice, and creating a voice printidentification of the client and storing the voice print identification.

In an embodiment, the method also includes an authentication process.The authentication process includes receiving, at the server, a requestfor authentication of a client with an existing voice print. In oneembodiment, the existing voice print was created according to theenrollment process discussed above. In one embodiment, theauthentication process includes receiving a sample recording of theclient's voice. In one embodiment, the process includes processing thesample recording. In one embodiment, the process includes comparingcharacteristics of the sample recording to at least one voice printidentification. In one embodiment, the process includes determining,based at least in part on the comparing, that the client isauthenticated. In one embodiment, the process includes communicating,over the network, an indication that the client is authenticated. In oneembodiment, receiving, at the server, a sample recording of the client'svoice is the only information received from the client that is used todetermine that the client is authenticated.

In another embodiment, a method of securely authenticating a clientseeking access to secure information available through a network isdescribed here. In an embodiment, the method includes an enrollmentprocess. In an embodiment, the enrollment process includes sending, to aserver, an enrollment request. In an embodiment, the enrollment processincludes the voice recording of a client. In an embodiment, theenrollment process includes sending, to a server, the voice recording.In an embodiment, the enrollment process includes receiving, from theserver, an indication that a voice print for the client has been createdand stored based on the voice recording.

In an embodiment, the method also includes an authentication process. Inan embodiment, the authentication process includes sending, to theserver, a request to authenticate the client. In an embodiment, theauthentication process includes sending, to the server, a sample voicerecording of the client. In an embodiment, the authentication processincludes receiving, from the server, an indication that the client isauthenticated. In an embodiment, the authentication process includespermitting the client access to secure information over the networkbased on the indication that the client is authenticated. In oneembodiment sending, to the server, a sample voice recording of theclient is the only information originating from the client that is usedto authenticate the client.

In an embodiment, a system for securely authenticating a client seekingaccess to secure information available through a network is describedherein. In an embodiment, the system includes a back-end computer systemadapted to manage and control access to secure information. In anembodiment, the system includes a front-end interface, adapted toprovide the client with access to the back-end computer system. In anembodiment, the system includes a voice analysis computer system,adapted to verify a client's identity based on a voice sample. In anembodiment, the front-end interface is adapted to provide the clientwith the ability to record a client voice sample and communicate theclient's voice sample to the voice analysis computer system. In anembodiment, the voice analysis computer system is adapted to compare thereceived client's voice sample to at least one voice print andauthenticate the client based at least in part on the comparison. In anembodiment, the voice analysis computer system is adapted to communicatean indication of authentication. In an embodiment, the sample voicerecording of the client is the only information originating from theclient that is used to authenticate the client.

In an embodiment, a method of operating a voice analysis system isdescribed herein. In an embodiment, the method includes receiving, by avoice analysis system, at least one parameter indicating whether thesystem is to operate in a first mode or a second mode. In an embodiment,the method includes receiving, by the voice analysis system, a voicerecording. In an embodiment, the method includes setting voice analysisconstraints to a first level if the parameter indicates the first mode,or setting the voice analysis constraints to a second level if theparameter indicates the second mode. In an embodiment, the methodincludes comparing the voice recording to at least one template. In anembodiment, the comparison is based at least in part on the constraints.In an embodiment, the first mode indicates that the voice analysissystem is to perform speaker identification. In an embodiment, thesecond mode indicates that the voice analysis system is to perform wordrecognition. In an embodiment, if the parameter indicates the firstmode, an indication of authentication is provided. In an embodiment, ifthe parameter indicates the second mode, an indication of the textualvalue of the voice recording is provided.

BRIEF DESCRIPTION OF THE FIGURES

The invention may be more completely understood in consideration of thefollowing detailed description of various embodiments of the inventionin connection with the accompanying drawings, in which:

FIG. 1 illustrates generally a block diagram example of a typicaltransaction over a network.

FIG. 2a and FIG. 2b illustrate generally a flow chart example of oneembodiment of voiceprint authentication.

FIG. 3 illustrates generally an embodiment of the use of voiceauthentication for a client-business transaction over a network.

FIG. 4 illustrates generally an alternative embodiment of the use of avoice authentication system.

FIG. 5 illustrates generally one embodiment of an additional securityfeature.

FIG. 6 illustrates generally one embodiment of an additional securityfeature.

FIG. 7 illustrates generally one embodiment of a voice analysis systemadapted to support both speech recognition and speaker identification.

FIG. 8 illustrates generally a block diagram of one embodiment of animplementation of the system described herein.

FIG. 9 illustrates generally one example of potential data stored by MySQL databases according to the subject matter described herein.

FIG. 10 illustrates generally a flowchart example of an applet accordingto the subject matter described herein.

FIG. 11 illustrates generally a flowchart example of a JSP applicationaccording to the subject matter described herein.

FIG. 12 illustrates generally a flowchart example of a companyadministration JSP application according to the subject matter describedherein.

FIG. 13 illustrates generally a flowchart example of a webadministration JSP application according to the subject matter describedherein.

While the invention is amenable to various modifications and alternativeforms, specifics thereof have been shown by way of example in thedrawings and will be described in detail. It should be understood,however, that the intention is not to limit the invention to theparticular embodiments described. On the contrary, the intention is tocover all modifications, equivalents, and alternatives falling withinthe spirit and scope of the invention as defined by the appended claims.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

FIG. 1 illustrates generally a block diagram example of a typicaltransaction over a network. According to the example of FIG. 1, client106 seeks to communicate with a business over a network such as theinterne. To communicate, client 106 uses a front-end interface 101.Front-end interface 101 may be any means with which a client may accesscontent available over a network. A client may access a front-endinterface 101 through any commonly known network access device such as,but not limited to, a computer, a Smartphone, or a PDA. Client 106,through front-end interface 101, communicates with back-end computersystem 102. Back-end computer system 102 may include a back-end server107.

According to the example illustrated in FIG. 1, front-end interface 101communicates with back-end computer system 102 through connection 104. Atypical transaction usually includes authentication of client 106 byback-end computer system 102. Often, authentication is achieved throughclient 106 supplying some form of identification to back-end computersystem 102. Some examples of identification are pin numbers andassociated passwords. Other examples include personal information suchas social security numbers, addresses, telephone numbers, or client's106 mother's maiden name. Due to the need for personal devices discussedabove to be able to connect with a large variety of sources, connection104 between front-end interface 101 and back-end computer system 102 istypically a less than secure connection. As a result of an insecureconnection, the personal information transferred over connection 104 isvulnerable to theft.

FIG. 2a and FIG. 2b illustrate generally a flow chart example of oneembodiment of voiceprint authentication according to the subject matterdisclosed herein. FIG. 2a illustrates generally one embodiment of anaccount initialization process. At 201, a client initiates an accountwith a provider of voiceprint authentication services (serviceprovider). At 202, the client is provided a means to record his/hervoice and instructions for using those means. The client's voice may berecorded by any means known in the art, and in any format known in theart such as mp3 format, way format, or a proprietary audio format. Invarious embodiments, it is to be understood that any digital audioformat (e.g. way, mp3 formats) is within the scope of the subject matterdiscussed herein. In an alternative embodiment, to ensure greatersecurity, a proprietary audio format is used to record the client'svoice. The recording is then transferred to the service provider. At203, the service provider analyzes the client's recording and extractscharacteristics of the client's voice to create a voiceprint thatrepresents the client's identity. At 208, the voiceprint is stored bythe services provider for later use in authenticating the client.

FIG. 2b illustrates generally a voiceprint authentication processaccording to the subject matter disclosed herein. It is assumed in thisembodiment that prior to attempting voiceprint authentication of aclient the client has gone through an account initialization process,such as the process discussed in FIG. 2a . At 204, the client seeksvoice authentication. The client may seek voice authentication for anumber of reasons, including: internet website or telephone access to abank or other commercial service provider, or in person authenticationin a direct buyer/seller transaction. At 205, the client is provided ameans to record his/her voice. The client may be provided instructionsto use a particular word or phrase, or the client may be allowed tospeak any word or phrase for use in authenticating his identity. Arecording of the client's voice is created. At 206, the service providercompares the recording of the client's voice made at step 205 to storedvoiceprints. In one embodiment, the service provider has access to onlythe client's voice recording, and that recording is compared to all thevoiceprints the service provider has access to until a match is found.In another embodiment, the client's voice recording is provided to theservice provider along with a client identification number. Thisembodiment is advantageous in that the service provider need only make asingle comparison, thus decreasing the time and resources needed toauthenticate a client. At 207, if a match is found by the serviceprovider, the client is authenticated.

FIG. 3 illustrates generally one embodiment of the use of voiceauthentication system for a secure access transaction over a networkaccording to the subject matter disclosed herein. In one embodiment,client 301 seeks access to secure information or services. In order todo so, client 301 uses front-end interface 101 to access webpage 302that is available over a network such as the internet. Webpage 302 iscontrolled by back-end computer system 304. In typical transactions suchas described herein, client 301 is required to enter personalinformation such as an account number and/or password into webpage 302.As discussed with respect to FIG. 2, the connection between front-endinterface 101 and webpage 302 may be a non-secure connection. Thereforethe opportunity for identity theft is present.

According to the embodiment illustrated in FIG. 3, instead of passwordand username, a voiceprint is used to authenticate the client and allowhim/her access to secure content on back-end computer system 304. It isassumed for purposes of this discussion that client 301 has previouslyinitiated an account with the voice authentication service provider(service provider) as discussed in FIG. 2.

When client 301 visits webpage 302, the client is offered the abilityto, or required to, use voice authentication to access secureinformation. In various embodiments, client 301 is provided with meansto create a sample voice recording. In various embodiments, the clientis provided an interface through the webpage to record his/her voice.The recording (and possibly a user id associated with the serviceprovider as discussed in reference to FIG. 2) is communicated to voiceanalysis computer system 303. Voice analysis computer system 303 thencompares the received recording to one or more stored voiceprints, andif a match is found, the client's identity is verified.

In one embodiment, voice analysis computer system 303 communicates,using a secure connection, with back-end computer system 304 todetermine whether the particular client 301 has permission to accessparticular content. In one embodiment, voice analysis computer system303 has access to a client security key (and possibly security keysallowing access to back-end computer system 304 itself) that allowsaccess to back-end computer system 304. According to this embodiment,voice analysis computer system 303 transmits the client security key toback-end computer system 304. In response, back-end computer system 304may determine whether client 301 should be granted access, andcommunicates (using a secure connection) authorization of access tovoice analysis computer system 303. Voice analysis computer system 303may then allow access to secure content through webpage 302.

In another embodiment, voice analysis computer system 303 does not haveaccess to a client security key to determine permission. Instead, voiceanalysis computer system 303 attempts to verify the identity of client301, and, if successful, communicates success to back-end computersystem 304. According to this embodiment, back-end computer system 304determines whether client 301 is to be granted permission to accesswebpage 302, and back-end computer system 304 itself communicates andallows access to webpage 302.

In another embodiment, voice analysis computer system 303 verifiespermission by reviewing client and business specific information storedon voice analysis computer system 303. According to this embodiment,voice analysis computer system 303 does not communicate security keys toback-end computer system 304 and receive authorization from back-endcomputer system 304. Instead, the entire authentication process isachieved in voice analysis computer system 303. When a client's identityand permission are verified, authorized access is communicated towebpage 302.

The various embodiments of client authentication illustrated in FIG. 3provide far greater security than previously known systems of clientauthentication. Because only the client's voice recording, and possiblyservice provider username, are entered into and/or communicated overaccessible networks, it is nearly impossible for anyone to get access tothe client's personal information. Identity verification through voiceauthentication provides a significant advantage in that it is nearlyimpossible to replicate a person's voice.

In various other embodiments, client authentication illustrated in FIG.3 may be used to authenticate access to content, information, or devicesother than webpage 302. Examples of such devices include cellularphones, computers, laptops, or a Personal Digital Assistant (PDA). Inone such embodiment, client seeks access to a secure device throughvoice authentication. According to this embodiment, there may or may notbe a back-end computer system 304 that controls the device. In oneembodiment, where back-end computer system 304 does exist, the systemfunctions identically to the above descriptions, however instead ofwebpage 302 access, device access is controlled. In another embodiment,where no back-end computer system 304 exists, the device iscommunicatively coupled to voice analysis computer system 303 through anetwork. According to this embodiment, client 303 is provided means tocreate a sample voice recording. The voice recording is communicated tovoice analysis computer system 303, and the client's 301 voice may ormay not be authenticated. Voice analysis computer system 303 may haveaccess to unlock, or otherwise provide access to, the device. Ifauthentication is verified, voice analysis computer system 303communicates with the device and allows client 301 access to the device.

FIG. 4 illustrates generally an alternative embodiment of a voiceauthentication system to manage client-business transactions over anetwork according to the subject matter disclosed herein. The embodimentillustrated in FIG. 4 is nearly identical with the embodimentillustrated in FIG. 3, except voice analysis computer system 403 isembedded within back-end computer system 404.

FIG. 5 illustrates generally one embodiment of an additional securityfeature according to the subject matter disclosed herein. The embodimentillustrated in FIG. 5 is nearly identical to FIG. 2b , except additionalsecurity steps are added to the process of voiceprint authentication.Similar to FIG. 2b , at 501 a client seeks voice authentication toprocure secured access. At 502, the client is provided a means to recordhis/her voice, and a recording of the client's voice is created. At 503,the service provider compares the recording of the client's voice madeat step 502 to stored voiceprints. At 504, the voice recording iscompared with one or more existing voiceprints to determine if a matchexists. Instead of authentication based primarily on the client's storedvoiceprint alone, the embodiment illustrated in FIG. 5 includes theadditional step of, at 505, comparing the client's voice recording notonly to the client's voiceprint, but also to one or more templates ofrecordings of the client's voice that were previously successful in theauthentication process. This additional step ensures against fraudulentbehavior in that it prevents someone from using a recording of aperson's voice in order to access personal information. At 505, if avoiceprint match is found, and the voice recording has been determinednot to have been used previously, the client is authenticated. At 506,the client's voice recording is stored for later comparison.

FIG. 6 illustrates generally a flow chart of one embodiment of anadditional security feature according to the subject matter presentedherein. As previously discussed, audio data may be recorded and/ortransmitted by any means known in the art, or by a proprietary format.In one embodiment, where a proprietary format is used, the audio data isfurther marked in order to provide additional security. Marking includesinserting, in the audio data, one or more indicators. These indicatorsare readable by systems adapted to utilize the proprietary data format.These indicators provide such systems with the ability to determinewhether the audio data has been used previously, and whether the audiodata has been used fraudulently. Therefore, the embodiment discussedabove provides an additional layer of security to prevent the fraudulentuse of audio data to access personal information. Turning now to FIG. 6,at 601, a client's voice is recorded. At 602, the client's voice isrecorded in a proprietary audio format, or translated to a proprietaryaudio format, and an audio file is created. At 603, markers are insertedinto the audio file and the audio file is transmitted. At 604, the audiodata is received and processed. At 605, the audio file and includedmarkers are processed to determine if the audio file is the one sent,and whether or not the audio file has been determined fraudulent. At606, if the audio file is determined to be non-fraudulent, the audiofile is used for purposes described herein.

FIG. 7 illustrates generally one embodiment of a speech analysis engine701 adapted to support both speaker identification and speechrecognition. According to this embodiment, dual purpose speech analysisengine 701 is adapted to accept as input a flag 702 designating thedesired function of engine 701. Flag 702 indicates to engine 701 whetherspeech recognition 703 or speaker identification 704 is desired.Parameter constraints 705 define the strictness with which speechprocessor 708 determines a match according to speech characteristics. Ifspeaker identification 704 is required, parameter constraints 705 areset with strict requirements that must be met to find a positive matchwith a speaker's characteristics. In contrast, if speech recognition 703is desired, then parameter constraints 705 are set with much lowerrequirements that a positive match with the characteristics of aparticular spoken word is found. Where speaker identification isdesired, engine 701 is adapted to return to the voice analysis computersystem 303 a positive or negative indication of whether the speaker wasidentified 706. At 707, if speech recognition is desired, engine 701 isadapted to return a textual representation of spoken speech 707.

FIG. 8 illustrates generally a block diagram of one embodiment of theimplementation of a voice analysis system 801 as disclosed herein.According to various embodiments, voice analysis system 801 isimplemented such that the system is capable of downloading and executingapplication software to front-end interface 101. Such capabilities areadvantageous to implementation of system 801 because they allow accessand control of front-end interface 101. For example, system 801 may becapable of exercising control over microphone capabilities of front-endinterface 101. In one embodiment, system 801 is implemented using a JavaVirtual Machine environment. According to this embodiment, system 101includes Java Applet 802. Applet 802 is a program with the ability todownload and execute software on front-end interface 101. Applet 802controls much of the user interface requirements of system 801, such asmicrophone functionality.

System 801 may further include Java JSP application 803. Java JSPapplication 803 is adapted to run on voice analysis computer system 303.JSP application is further adapted to communicate with applet 802 toreceive and transfer commands and information from applet 802. In oneembodiment, JSP application 803 is adapted to receive a voice recordingfrom applet 802, and process that voice recording. System 801 mayfurther include one or more databases such as MySQL Database(s) 804. JSPapplication 803, among other applications, may be adapted to store andmanage data in Databases 804.

In some embodiments, system 801 also includes Secure Web BasedAdministration Pages 805. In various embodiments, administration pages805 provide an interface to create, modify, and configure client users.

In some embodiments, system 801 further includes Web Administration andCompany administration JSP applications 806. In various embodiments, WebAdministration and Company Administration JSP applications 806 provide aweb-based interface to configure companies, including companies accessto system 801.

In one embodiment, applet 802 is adapted to run on front-end interface101, while JSP application 803 is adapted to run on voice analysiscomputer system 303. In an alternative embodiment, both applet 802 andJSP application 803 are adapted to run on front-end interface 101. Inyet another alternative embodiment, JSP application 803 is adapted torun on back-end computer system 304.

FIG. 9 illustrates generally one example of potential data stored inMySQL Database(s) 804. Detailed database schema SQL script source codeis included as an appendix to this application.

FIG. 10 illustrates generally a flow chart diagram of one embodiment ofan applet 802 according to the subject matter disclosed herein. In oneembodiment, applet 802 is a Java Applet. In an alternative embodiment,applet 802 is implemented as a Java Midlet instead of a Java Applet. AJava Midlet is preferred when front-end interface 101 is a portabledevice or an embedded device. The term applet as used herein is intendedto refer to either a Java Applet or a Java Midlet. Applet 802 may beadapted to run on front-end interface 101. At 1002, applet 802 isadapted to initialize on front-end interface 101. Initializing mayinclude determining the available sound recording/management hardwareand software available to the front-end interface 101. Initializing mayfurther include receiving input parameters that define what actionsApplet 802 is to take. Input parameters may include: 1) whetherenrollment, re-enrollment, authentication, or speech recognitioncapabilities are desired of applet 802, and 2) identificationinformation such as a user or company identification indicator.Initializing may further include providing a graphical user interface toa user such that the user may select input parameters for applet 802.

At 1003, applet 802 is adapted to capture a client's voice. Voicecapture may include: 1) providing a user interface to allow the clientto record voice, 2) providing instructions to the client, 3) controllingfront-end interface 101 in order to record voice (including measuringbackground noise and setting detection thresholds), 4) verifying thatthe resultant recording meets requirements for further processing, and5) preparing the recording for communication.

In one embodiment, the voice recording is communicated using a TCPprotocol. At 1004, after the user's voice is recorded, applet 802 sendsthe voice recording to JSP application 803 for processing, and verifiesthat the communication was successful. In one embodiment, applet 802sends the voice recording over a secure connection such as an SSLconnection. In one embodiment, JSP application 803 runs on voiceanalysis computer system 303.

At 1005, when JSP application 803 has completed processing the voicerecording, applet 802 processes return values from JSP application 803.Applet 802 processes the return values based on what function wasdesired at 1002. Also at 1005, applet 802 provides the user with aresults display. In one embodiment, if authentication or enrollment wererequested, applet 802 provides the user with an indication thatauthentication was successful or unsuccessful. In another embodiment,where speech recognition was requested, applet 802 provides the userwith a textual indication of the words that were spoken. In a similarembodiment, applet 802 provides the client with a verbal indication ofwords spoken by the client, or applet 802 may also act in response towords spoken by the client. Once the results have been provided to theuser, applet 802 returns to 1002 and allows the client to re-enterparameters.

FIG. 11 illustrates generally a flow chart diagram of one embodiment ofa Java JSP application 803 according to the subject matter disclosedherein. In one embodiment, Java JSP application 803 is implemented as aJava Servlet. In another preferred embodiment, JSP application 803 isrun on voice analysis computer system 303.

At 1102, JSP application 803 awaits a request from applet 802. When arequest is received, JSP application processes the request. At 1103, JSPapplication 803, based on the request from applet 802, determines whatfunction is desired of JSP application 803. JSP application 803determines whether applet 802 requested: enrollment of a new user,re-enrollment of an existing user, authentication of an enrolled user,or speech recognition.

At 1104, and 1105, where enrollment of a new user or re-enrollment of anexisting user is requested by applet 802, JSP application validates theuser ID of the user, processes the voice recording, and updates anenrollment template and stores the template in databases 804. At 1110,data is transferred back to applet 803.

At 1106 and 1107, where authentication of an existing user is requestedby applet 802, the user's user id is validated, the user's voicerecording is processed, and the voice recording is compared to existingvoice templates to determine whether the client is authenticated. If theclient is authenticated, security tokens are prepared for transmissionto applet 802. At 1110, security tokens and other data are communicatedto applet 802.

At 1109, where speech recognition is requested, JSP application 803 isadapted to modify (lessen) voice recognition constraints such that JSPapplication 803 is only adapted to verify a particular word, not aparticular client's voice. At 1108, the voice recording is processed andcompared to stored voice commands. If a match is found, anidentification of a voice command is prepared for communication toapplet 802. At 1110, the identification of a voice command and otherdata are communicated to applet 802.

FIG. 12 illustrates generally one embodiment of a Company AdministrationJSP Application 1201 as disclosed herein. Company Administration JSPApplication 1201, provides an interface to create, modify, and configureclient user data. The client user data consist of the following; UserID,CompanyName, FirstName, LastName, Password, Department, Position,Location, Email, Phone1, Phone2, Phone3, SecurityTokenID's,EnrollmentTemplateID's, and VoiceCommandID's.

FIG. 13 illustrates generally one embodiment of a Web Administration JSPApplication 1301. Web Administration JSP Application 1301 provides aweb-based interface to configure companies, and their access to theVoice Print Portal Solution.

In various embodiments, alternatives are provided for a client who doesnot have access to a front-end interface 101 that is capable ofrecording voice. In one embodiment, a client is provided the ability toselect a “Call In” button. When the “Call In” button has been selected,the client is provided an ordinary telephone number. The user may callthe number in order to record his/her voice.

In another embodiment, the client does not have any access to afront-end interface 101 or the internet. According to this embodiment, aclient is provided with the ability to operate the entire system throughordinary telephone service. The client may communicate with and requestsystem 801 functions through voice commands or though dialing numbers ona telephone keypad. In one embodiment, this telephone only system isimplemented using telephony systems such as IPPC or IPPC express offeredby Cisco Systems, Inc.

Finally, while the present invention has been described with referenceto certain embodiments, those skilled in the art should appreciate thatthey can readily use the disclosed conception and specific embodimentsas a basis for designing or modifying other structures for carrying outthe same purposes of the present invention without departing from thespirit and scope of the invention as defined by the appended claims.

1-18. (canceled)
 19. A method of operating a voice analysis system,comprising: using a front end interface on a computer system thatincludes a microphone to initialize a voice analysis system for a userby inputting at least a first voice recording of the user via themicrophone to be communicated over a network connection to a voiceanalysis computer system that analyzes and stores a template voiceprintfor authentication of the user; using the front end interface to input asecond voice recording of the user via the microphone to be communicatedover the network connection to the voice analysis computer system; usingthe voice analysis computer system to analyze the second voice recordingas one of a plurality of second voice recordings received by the voiceanalysis computer system, including: setting voice analysis constraintsto a level associated with a speaker identification mode; comparing thesecond voice recording to the template voiceprint, wherein thecomparison is based at least in part on the constraints to determine ifthe second voice recording provides a positive match with a voicecharacteristic of the voice template, and if there is a positive match:storing a representation of each second voice recording as part of thetemplate voiceprint for the user; using the voice analysis system tocompare the second voice recording with each of the representations ofeach second voice recording stored as part of the template voiceprintfur the user associated with the positive match to determine that thesecond voice recording has not been used previously for authenticationof the user; and communicating over the communication network anindication of authentication of the user to at least one of the frontend interface to authenticate the user on the computer system or a backend computer system to authenticate access to the back end computersystem only if the second voice recording has not been used previouslyfor authentication of the user.
 20. The method of claim 19 wherein usingthe voice analysis computer system to analyze a plurality of secondvoice recordings further comprises: communicating over the communicationnetwork an indication of an unsuccessful authentication of the user ifthe second voice recording has previously been used for successfulauthentication of the user.
 21. The method of claim 19 wherein using thefront end interface to record the second voice recording furthercomprises: communicating over the network connection to the voiceanalysis computer system an indication of an identity of the userassociated with the second voice recording.
 22. The method of claim 19wherein the second voice recording is the only information used forauthentication of the user.
 23. A method of operating a voice analysiscomputer system having a memory, a processor and a network connection,comprising: receiving over the network connection a first voicerecording of a user input from a front end interface on a computersystem that includes a microphone; initializing a voice analysis systemby analyzing the first voice recording to create a template voiceprintfor authentication associated with the user that includes at least onevoice characteristic attributed to the user; storing the templatevoiceprint in the memory; receiving over the network connection a secondvoice recording from a front end interface on a computer system thatincludes a microphone; using the voice analysis system to create arepresentation of the second voice recording, using the voice analysissystem to perform a comparison of the representation of the second voicerecording as one of a plurality of second voice recordings received bythe voice analysis system with template voiceprints stored in the memoryto determine whether there is a template voiceprint with a positivematch to the second voice recording; and in response to the positivematch: storing each of the representations of the second voicerecordings for the user associated with the positive match; using thevoice analysis system to further perform a comparison of the secondvoice recording with each of the representations stored for the userassociated with the positive match to determine whether the second voicerecording has been used previously for authentication of the user; andcommunicating over the communication network an indication ofauthentication of the user associated with the positive match to atleast one of the front end interface from which the second voicerecording is received to authenticate the user or to a back end computersystem to authenticate access to the back end computer system only ifthe second voice recording has not been used previously forauthentication of the user.
 24. The method of claim 23 wherein using thevoice analysis system further comprises: communicating over thecommunication network an indication of an unsuccessful authentication ofthe user if the second voice recording has previously been used forsuccessful authentication of the user.
 25. The method of claim 23wherein receiving over the network connection the second voice recordingfrom a front end interface further comprises: receiving over the networkconnection an indication of an identity of the user associated with thesecond voice recording.
 26. The method of claim 23 wherein the secondvoice recording is the only information used for authentication of theuser.
 27. A method of operating a voice analysis computer system havingat least a memory, a processor and a network connection with at leastone input computer system configured for user input that includes amicrophone, comprising: receiving over the network connection a firstvoice recording from an input computer system of one or more wordsspoken by a user; enrolling the user in the voice analysis computersystem by analyzing the first voice recording to create and store in thememory a template voiceprint for authentication of the user thatincludes at least one voice characteristic attributed to the user;receiving over the network connection a second voice recording from aninput computer system; using the voice analysis computer system tocompare a representation of the second voice recording with templatevoiceprints stored in the memory based at least in part on a matchrequirement of voice analysis constraints of the at least one voicecharacteristic to determine whether there is a template voiceprint witha positive match and, if so, then: storing the representation of thesecond voice recording as part of the template voiceprint for the userassociated with the positive match; comparing the representation of thesecond voice recording with each part of the template voiceprints forthe user associated with the positive match to determine that the secondvoice recording has not been used previously for authentication of theuser; and communicating over the communication network an indication ofauthentication of the user associated with the template voiceprint withthe positive match only if the second voice recording has not been usedpreviously for authentication of the user.
 28. The method of claim 27wherein communicating over the communication networks includes sendingthe indication to at least one of the input computer system or a backend computer system.
 29. The method of claim 27 wherein using the voiceanalysis computer system further comprises: communicating over thecommunication network an indication of an unsuccessful authentication ofthe user if the second voice recording has previously been used forsuccessful authentication of the user.
 30. The method of claim 27wherein receiving over the network connection the second voice recordingfrom a front end interface further comprises: receiving over the networkconnection an indication of an identity of the user associated with thesecond voice recording.
 31. The method of claim 27 wherein the secondvoice recording is the only information used for authentication of theuser.
 32. A voice analysis computer system having at least a memory, aprocessor and a network connection with at least one input computersystem configured for user input that includes a microphone, comprising:a voice enrollment system adapted to be executed by the voice analysiscomputer system and configured to: receive over the network connection afirst voice recording from an input computer system of one or more wordsspoken by a user; and enroll the user, by analyzing the first voicerecording to create and store in the memory a template voiceprint forauthentication of the user that includes at least one voicecharacteristic attributed to the user; a voice analysis system adaptedto be executed by the voice analysis computer system and configured to:receive over the network connection a second voice recording from aninput computer system; compare a representation of the second voicerecording with template voiceprints stored in the memory based at leastin part on a match requirement of voice analysis constraints of the atleast one voice characteristic to determine whether there is a templatevoiceprint with a positive match wherein, the representation of thesecond voice recording is stored as part, of the template voiceprint forthe user associated with the positive match; a comparison is madebetween the representation of the second voice recording and each partof the template voiceprints for the user associated with the positivematch to determine that the second voice recording has not been usedpreviously for authentication of the user; and an indication ofauthentication of the user associated with the template voiceprint withthe positive match is communicated over the communication network onlyif the second voice recording has not been used previously forauthentication of the user.
 33. The voice analysis computer system ofclaim 32 wherein the voice analysis system communicates the indicationto at least one of the input computer system or a back end computersystem.
 34. The voice analysis computer system of claim 33, wherein thevoice analysis system is adapted to communicate the indication ofauthentication to the back-end computer system, and wherein the back-endcomputer system is adapted to allow the user access to secureinformation managed by the back-end computer system.
 35. The voiceanalysis computer system of claim 33, wherein the front-end interface isadapted to provide the user with an ability to record a user voicesample and communicate the user voice sample to the voice analysiscomputer system along with an indication of an identity of the user. 36.The voice computer system of claim 32 wherein the voice analysis systemcommunicates an indication of an unsuccessful authentication of the userif the second voice recording has previously been used for successfulauthentication of the user.
 37. The voice analysis computer system ofclaim 32, wherein the second voice recording is the only informationused for authentication of the user.